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DIRECTOR OF CENTRAL INTELLIGENCE 
SECURITY COMMITTEE 
COMPUTER SECURITY SUBCOMITTEE 


— December 1981 
DCISEC-CSS-M141 


1. The One Hundred and Fo rty-First meeting of the Computer Security Subcomi 
was held on 17 November 1981 at McLean, VA, The meeting was 


convened at 0930 and in attendance were; 





Chairman 


Executive Secretary 


CI/ 

c; 

[A 

, CIA 

CIA 



Mr. Robert Graytock, Department of Justice 

Mr. Carl Martz, Navy 

Mr. Lynn McNulty, Departme nt of State 

I NSA 

Mr. Robert storcR, FBI 

Mr. James Studer, Army 

Mr. James Schenken, U.S. Secret Service 

Mr. Lynn Culkowski, Air Force 

Mr. Eugene Epperly, ODUSD (P) 

2. The minutes from the previous meeting were reviewed;, there were no changes ' 
or comments, and thus the minutes were accepted as written. 

3. The discussions on the rewrite of DCID 1/16 were continued from the last 
meeting, at which the NSA member presented a proposed policy statement of, and 
approach to, the DCID. For this meeting the CIA, Army, and Department of State 
members were requested to be prepared to present their views/proposals. These are 
summarized below: 


a. Department of State Mr. McNulty stated that cifter giving the problem 
considerable thought, that he was essentially in agreement with the approach proposed 
by the NSA member at the previous meeting. However, he felt that it was important 
that the document also include: 

— a statement of scope; since the scope of the document clearly has 
resource implications, he felt that a "bottom limit" should be defined so that it 
was clear as to which system types/ ADP applications the document applied. 

- a tie-in with other pertinent policy; the DCID should recognize 
other efforts within DoD, DCI, and the civil sector of the government (e.g. , TM-1 
of the 0MB circular) . 
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j / ~ 3ccouiitaljl.lity msclianisinj he felc t^hat the present clocuinent 

allows individual agencies to effectively ignore the DCJ.'s policy, and thus that 
it is important to incorporate a mechanism, such as periodic reporting of compliance 
status, accreditation actions, etc., which would provide sufficient visibility at 
the DCI level. • 
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STAT 


In the discussions which followed, there was general agreement on the desirability 
accoun uing/visibility mechanism. However, on the question of scope, some of 
the membership voiced the opinion that the applicability of the document should not 
^^tificially and unnecessarily limited. They felt that the resource problem 
could, and should be, managed locally. | 

H I provided copies of a proposed document (copies 

attached), and discussed his approach. Basically, the draft provides 'a succinct 
statement of policy, to which is added sections dealing with, the following topics; 

) 

- allowable modes of operation and minimum requirements; 

- procurement /acquisition; 

- accountability on compliance; 

- memoranda of agreements for joint operations; 

- reaccreditation and review of threats/vulnerabilitJes; 

temporary exemptions for unusual and/or emergency situations. ^ 

Co^ients o.: Lhe proposed jei-'ri. te centered on the details of the exemption mechanism, 
and on the section dealing v/ith allowable modes; basically, some of the members felt 
that uhe c;^_rnition of all nvjahle modes/minimum requirements was overly restrictive 
and did no- allow sufficient flexibility to take into account technological innovation 
or envirori—'cncal factors. lliere was additional discussion concerning what to do about 
word processors and stand-alone systems, with no consensus being reached. 

c. Army — Mr. — Studer — reiterated his support for the approach proposed at 
the previous meeting by | | He also discussed the specifics that 

needed to be appended to such a document, primarily: 

- technical g>uldelines which allow the NFIB member to choose the 

combination of system features and security countermeasures required to engineer a 
system which satisfies at least a minimum, and hopefully an optimum, security .sy.stem 
consonant with operational requirements. * 


- the capability to incorporate technological innovation. 

In the discussion which followed, there was general agreement on the need for the 
DCID to be sufficiently flexibile to allow case— by—case systems engineering, where 
warranted, to incorporate new technology and consideration for environmental factors. 
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d. The Chairman emphasized that the proposed rewrites and the opinions 
being voiced on the subject at this time were intended to be the views of the 
individual member only, and therefore need not have been staffed throughout the 
parent organization. Thus, he cautioned the membership against representing the 
comments/opinions expressed on this subject by any of the participants as anything 
but personal contributions which are intended to lead to a Subcommittee proposal 
for a rewrite of the DCID. 


4. The Chairman thanked the Army, CIA, and Department of State members for 
their contributions, and asked for volunteers for presentation of further views at 
the next meeting. These will be the Navy, FBI, Department of Justice and the Secret 
Service members. 1 
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- 5 -. — The next ip eeting was set for 0930 on Tuesday, 15 December 1981 at the 
McLean, VA. ; 


Executive Secretary 


Sanitized Copy Approved for Release 2010/1 1/17 : CIA-RDP87T00623R000200070039-7 




